Current-Users archive


Re: dtracing unlink



On Fri, 20 Oct 2023, Thomas Klausner wrote:

> I'm trying to find out what a program does, and found it does a lot of
> unlink syscalls, so I wanted to see what it unlinks.
> [...]
> What's the proper way to do this?


Here you go (written ages ago for 9.0, should still work on -HEAD):

```
#!/usr/sbin/dtrace -s

#pragma D option destructive
#pragma D option quiet

syscall::unlink:entry
{
	/*
	 * NetBSD doesn't supply the ``cwd'' dtrace variable, so
	 * can't use an external program which does realpath(3)
	 * in order to check for files only in specific directories.
	 * Therefore, we just print everything and use fgrep(1)
	 * to pick filenames (relative and absolute) we want.
	 */
	printf("%d %d %s %s\n", uid, pid, execname, copyinstr(arg0));
/*
	printf("%d %d %s ", uid, pid, execname);
	system("pr_realpath -p %d %s", pid, copyinstr(arg0));
	printf("\n");
*/
}

syscall::unlinkat:entry
{
	printf("%d %d %s 0x%x %s\n", uid, pid, execname, arg0, copyinstr(arg1));
}
```

-RVP
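
The script's comment leaves the filtering to fgrep(1). As an added example (not part of the original post), the filter below parses both output formats and keeps relative paths visible, since without a cwd they cannot be ruled out. The function names, the `/tmp/build` directory and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Reads the D script's output on
# stdin and prints, for directory DIR:
#   ABS uid pid execname path   absolute path under DIR
#   REL uid pid execname path   relative path (cwd unknown, cannot be ruled out)
# Assumptions: execname has no spaces; paths are not normalized ("..", symlinks).
classify_unlinks() {
    awk -v dir="${1%/}" '
    NF >= 4 {
        # unlinkat lines carry the directory fd as 0x... before the path
        skip = (NF >= 5 && $4 ~ /^0x[0-9a-fA-F]+$/) ? 4 : 3
        path = $0
        for (i = 0; i < skip; i++) sub(/^[^ ]+ /, "", path)  # keep spaces in path
        if (substr(path, 1, 1) != "/")
            print "REL", $1, $2, $3, path
        else if (path == dir || index(path, dir "/") == 1)
            print "ABS", $1, $2, $3, path
    }'
}

# Constructed sample lines in the script's two output formats.
sample_lines() {
    cat <<'EOF'
0 1234 rm /tmp/build/a.o
1000 2345 cc1 /var/tmp/ccXYZ.s
1000 2346 make obj/stale file.d
0 1300 rm 0x3 /tmp/build/sub/b.o
0 1301 rm 0x5 c.o
0 1302 rm /tmp/buildother/x
EOF
}

sample_lines | classify_unlinks /tmp/build
```

An unlink(2) of a relative path whose first word looks like a hex number followed by a space would be misread as an unlinkat line; printing a distinct tag per probe in the D script would remove that ambiguity.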

